Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails

CREATED 1 HOUR AGO by AlienVault (Public, TLP: White)
The attack leveraged the on-premises servers deployed by IT Management Software vendor Kaseya. It was initially thought that Kaseya might have been compromised themselves as a root cause — similar to the compromises associated with SolarWinds software in December of 2020. Instead, the attackers found and leveraged an unpatched…

Bandidos at large: A spying campaign in Latin America

CREATED 1 HOUR AGO by AlienVault (Public, TLP: White)
In 2021 ESET detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, they found new functionality and changes to this malware, known as Bandook. They also found that…

Ryuk ransomware now targeting webservers

CREATED 10 HOURS AGO by AlienVault (Public, TLP: White)
Ryuk ransomware, which encrypts files and demands payment in Bitcoin for the release of the keys used to decrypt them, is now targeting web servers, according to a report published by McAfee.
REFERENCE: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-ryuk-ransomware-targeting-webservers.pdf
TAGS: ryuk, ransomware
MALWARE FAMILY: Ryuk
ATT&CK IDS: T1134 – Access Token Manipulation, T1059.003 – Windows Command Shell, T1471 – Data Encrypted for…

WildPressure targets macOS

CREATED 10 HOURS AGO by AlienVault (Public, TLP: White)
Kaspersky has discovered a new campaign from the WildPressure threat actor. This campaign includes the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins.
REFERENCE: https://securelist.com/wildpressure-targets-macos/103072/
TAGS: milum, wildpressure, macos, apt, tandis, python guard
ADVERSARY: WildPressure
MALWARE FAMILIES: Milum, Tandis, Python Guard
ATT&CK IDS: T1047 – Windows Management Instrumentation, T1140 – Deobfuscate/Decode Files…

Hacker group REvil demands US$70m in Bitcoin to end biggest-ever ransomware assault

A notorious hacker group known as REvil – “Ransomware Evil” – has used an exploit to encrypt thousands of enterprise systems worldwide and is demanding US$70 million ($92 million) in Bitcoin to release the data. The hackers exploited a vulnerability in a remote monitoring and management platform called Kaseya VSA to distribute their malware around…

Kaseya VSA Supply-Chain Ransomware Attack

CREATED 2 HOURS AGO by AlienVault (Public, TLP: White)
Sophos has issued an advisory to customers regarding Kaseya VSA servers, which are being used in an industry-wide supply chain attack that deploys a variant of the REvil ransomware to demand a ransom.
REFERENCES: https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers
https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/
TAGS: Kaseya, REvil
MALWARE FAMILIES: Kaseya, REvil
ATT&CK IDS: T1195 – Supply Chain Compromise, T1560 – Archive…

Android trojans steal Facebook users’ logins and passwords

CREATED 14 HOURS AGO by AlienVault (Public, TLP: White)
A round-up of interesting technology-related news and information from Dr Web.Web.com, which is available on the Google Play app, on Android devices, and on our desktop site.
REFERENCES: https://news.drweb.com/show/?i=14244&lng=en
https://github.com/DoctorWebLtd/malware-iocs/blob/master/Android.PWS.Facebook/README.adoc
TAGS: android, facebook, google play, android device, Trojan
MALWARE FAMILIES: PWS.Facebook.18, PWS.Facebook.15
ATT&CK IDS: T1606 – Forge Web Credentials, T1020 – Automated Exfiltration

Diavol – A New Ransomware Used By Wizard Spider

REFERENCE: https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
TAGS: conti, diavol, egregor, WIZARD SPIDER, Ransomware
ADVERSARY: WIZARD SPIDER
MALWARE FAMILIES: Conti, Diavol
ATT&CK IDS: T1059 – Command and Scripting Interpreter, T1106 – Native API, T1070 – Indicator Removal on Host, T1057 – Process Discovery, T1040 – Network Sniffing, T1083 – File and Directory Discovery, T1027 – Obfuscated Files or Information, T1071 – Application Layer Protocol, T1082 – System Information Discovery, T1135 – Network Share Discovery, T1485 – Data Destruction, T1486 – Data…

CVE List July 2021

Below is a list of CVEs for the selected month. NOTE: The CVEs shown below have a release date in the year and month chosen. The CVE ID may show a year value that does not match the release date; however, the release date will fall within the chosen year and month.
30 entries found for July 2021: CVE-2021-20752 CVE-2021-20778…